The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Tuesday, August 02, 2005

The Associated Press is reporting on a report from Gartner Inc., which suggests that most banks are not doing enough to protect customers from ATM fraud. The reason is that most bank and debit cards do not take advantage of the full potential of two-track magnetic strips. Most bank cards only encode the card number on the magnetic strip, so anybody with a card writer and your card number (available from discarded receipts) is able to make a duplicate. Combine that with your PIN and that's the key to emptying your account. The solution posited by the Gartner analysts is to use the second track in the magnetic strip to encode an additional token that is verified by the ATM but is not otherwise available to the users. Some banks already use this technique. See: Analysts Say ATM Systems Highly Vulnerable - Yahoo! News.

Please note that I am only able to provide legal advice to clients of my firm. If you have a privacy matter, please contact me about becoming a client. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser may not be protected by solicitor-client privilege.

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Due to professional ethics, the author may not be able to comment on matters in which a client has an interest. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.